# Configuration for contributors
- [Fleet server configuration](#fleet-server-configuration)
- [YAML files](#yaml-files)
This document includes Fleet server configuration settings that are helpful when developing or contributing to Fleet.
Unlike the [fleetctl apply format](https://github.com/fleetdm/fleet/tree/main/docs/Contributing/fleetctl-apply.md), the files and settings in this document are not recommended for production use. Each setting includes the best practice for being successful in production.
## Fleet server configuration
### s3_software_installers_disable_ssl
Disables SSL for connections to AWS S3 for software installers. Useful for local testing.
- Default value: false
- Environment variable: `FLEET_S3_SOFTWARE_INSTALLERS_DISABLE_SSL`
- Config file format:
```yaml
s3:
  software_installers_disable_ssl: false
```
### s3_carves_disable_ssl
- Default value: false
- Environment variable: `FLEET_S3_CARVES_DISABLE_SSL`
- Config file format:
```yaml
s3:
  carves_disable_ssl: false
```
### mdm.apple_apns_cert_bytes
The content of the Apple Push Notification service (APNs) certificate. An X.509 certificate, PEM-encoded. Typically generated via `fleetctl generate mdm-apple`.
- Default value: ""
- Environment variable: `FLEET_MDM_APPLE_APNS_CERT_BYTES`
- Config file format:
```yaml
mdm:
  apple_apns_cert_bytes: |
    -----BEGIN CERTIFICATE-----
    ... PEM-encoded content ...
    -----END CERTIFICATE-----
```
### mdm.apple_apns_key_bytes
The content of the PEM-encoded private key for the Apple Push Notification service (APNs). Typically generated via `fleetctl generate mdm-apple`.
- Default value: ""
- Environment variable: `FLEET_MDM_APPLE_APNS_KEY_BYTES`
- Config file format:
```yaml
mdm:
  apple_apns_key_bytes: |
    -----BEGIN RSA PRIVATE KEY-----
    ... PEM-encoded content ...
    -----END RSA PRIVATE KEY-----
```
### mdm.apple_scep_cert_bytes
The content of the Simple Certificate Enrollment Protocol (SCEP) certificate. An X.509 certificate, PEM-encoded. Typically generated via `fleetctl generate mdm-apple`.
- Default value: ""
- Environment variable: `FLEET_MDM_APPLE_SCEP_CERT_BYTES`
- Config file format:
```yaml
mdm:
  apple_scep_cert_bytes: |
    -----BEGIN CERTIFICATE-----
    ... PEM-encoded content ...
    -----END CERTIFICATE-----
```
The SCEP certificate/key pair generated by Fleet expires every 10 years. It's recommended to never change these unless they were compromised.
If your certificate/key pair was compromised and you change the pair, the disk encryption keys will no longer be viewable on all macOS hosts' **Host details** page until you turn disk encryption off and back on and the keys are [reset by the end user](https://fleetdm.com/docs/using-fleet/MDM-migration-guide#how-to-turn-on-disk-encryption).
### mdm.apple_scep_key_bytes
The content of the PEM-encoded private key for the Simple Certificate Enrollment Protocol (SCEP). Typically generated via `fleetctl generate mdm-apple`.
- Default value: ""
- Environment variable: `FLEET_MDM_APPLE_SCEP_KEY_BYTES`
- Config file format:
```yaml
mdm:
  apple_scep_key_bytes: |
    -----BEGIN RSA PRIVATE KEY-----
    ... PEM-encoded content ...
    -----END RSA PRIVATE KEY-----
```
### mdm.apple_scep_challenge
An alphanumeric secret for the Simple Certificate Enrollment Protocol (SCEP). Define a unique, static secret 32 characters in length and only include alphanumeric characters.
> SCEP is commonly applied to a number of certificate use cases. Notably, Mobile Device Management (MDM) systems like Microsoft Intune and Apple MDM use SCEP for PKI certificate enrollment.
- Default value: ""
- Environment variable: `FLEET_MDM_APPLE_SCEP_CHALLENGE`
- Config file format:
```yaml
mdm:
  apple_scep_challenge: scepchallenge
```
### mdm.apple_bm_server_token_bytes
This is the content of the Apple Business Manager encrypted server token downloaded from Apple Business Manager.
- Default value: ""
- Environment variable: `FLEET_MDM_APPLE_BM_SERVER_TOKEN_BYTES`
- Config file format:
```yaml
mdm:
  apple_bm_server_token_bytes: |
    Content-Type: application/pkcs7-mime; name="smime.p7m"; smime-type=enveloped-data
    Content-Transfer-Encoding: base64
    ... rest of content ...
```
### mdm.apple_bm_cert_bytes
This is the content of the Apple Business Manager certificate. The certificate is a PEM-encoded X.509 certificate that's typically generated via `fleetctl generate mdm-apple-bm`.
- Default value: ""
- Environment variable: `FLEET_MDM_APPLE_BM_CERT_BYTES`
- Config file format:
```yaml
mdm:
  apple_bm_cert_bytes: |
    -----BEGIN CERTIFICATE-----
    ... PEM-encoded content ...
    -----END CERTIFICATE-----
```
### mdm.apple_bm_key_bytes
This is the content of the PEM-encoded private key for the Apple Business Manager. It's typically generated via `fleetctl generate mdm-apple-bm`.
- Default value: ""
- Environment variable: `FLEET_MDM_APPLE_BM_KEY_BYTES`
- Config file format:
```yaml
mdm:
  apple_bm_key_bytes: |
    -----BEGIN RSA PRIVATE KEY-----
    ... PEM-encoded content ...
    -----END RSA PRIVATE KEY-----
```
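A preflight check for the settings above, as an added example that is not part of Fleet's documentation or code: it generates and validates a SCEP challenge of the documented shape, and flags the S3 `disable_ssl` switches and cert/key variables that do not hold the expected PEM block. The function names (`gen_scep_challenge`, `valid_scep_challenge`, `getvar`, `audit_fleet_env`) are hypothetical; only the `FLEET_*` variable names come from this page.

```shell
#!/bin/sh
# Added example: preflight checks for the FLEET_* variables on this page.
# Function names are hypothetical; only the variable names come from the page.

# 32 alphanumeric characters from the kernel CSPRNG (tr drops other bytes).
gen_scep_challenge() {
  head -c 1024 /dev/urandom | LC_ALL=C tr -dc 'A-Za-z0-9' | cut -c1-32
}

# Succeeds only for exactly 32 characters, all alphanumeric.
valid_scep_challenge() {
  [ "${#1}" -eq 32 ] || return 1
  case "$1" in *[!A-Za-z0-9]*) return 1 ;; esac
}

# Read a variable by name; callers pass fixed literals, so eval is safe here.
getvar() { eval "printf '%s' \"\${$1-}\""; }

# Print one finding per line (never the secret itself); return 1 if any.
audit_fleet_env() {
  rc=0
  for v in FLEET_S3_SOFTWARE_INSTALLERS_DISABLE_SSL FLEET_S3_CARVES_DISABLE_SSL; do
    val=$(getvar "$v")
    case "$val" in
      ''|false) ;;  # unset, or the documented default
      *) echo "WARN $v=$val (SSL to S3 disabled; local testing only)"; rc=1 ;;
    esac
  done
  val=$(getvar FLEET_MDM_APPLE_SCEP_CHALLENGE)
  if [ -n "$val" ] && ! valid_scep_challenge "$val"; then
    echo "FAIL FLEET_MDM_APPLE_SCEP_CHALLENGE: need 32 alphanumeric characters"; rc=1
  fi
  # Catch a key pasted into a cert variable, or the reverse.
  for p in APNS SCEP BM; do
    case "$(getvar "FLEET_MDM_APPLE_${p}_CERT_BYTES")" in
      ''|*'-----BEGIN CERTIFICATE-----'*) ;;
      *) echo "FAIL FLEET_MDM_APPLE_${p}_CERT_BYTES: no PEM certificate block"; rc=1 ;;
    esac
    case "$(getvar "FLEET_MDM_APPLE_${p}_KEY_BYTES")" in
      ''|*'PRIVATE KEY-----'*) ;;
      *) echo "FAIL FLEET_MDM_APPLE_${p}_KEY_BYTES: no PEM private key block"; rc=1 ;;
    esac
  done
  return "$rc"
}
```

Source the file and call `audit_fleet_env` in the shell that holds the server's environment; a non-zero exit status means at least one finding was printed.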
### license.enforce_host_limit
Whether Fleet should enforce the host limit of the license. If true, attempting to enroll new hosts when the limit is reached will fail.
- Default value: `false`
- Environment variable: `FLEET_LICENSE_ENFORCE_HOST_LIMIT`
- Config file format:
```yaml
license:
  enforce_host_limit: true
```
### FLEET_ENABLE_POST_CLIENT_DEBUG_ERRORS
Use this environment variable to allow `fleetd` to report errors to the server using the [endpoint to report an agent error](./API-for-contributors.md#report-an-agent-error). `fleetd` agents will always report vital errors to Fleet.
##### Example YAML
```yaml
license:
  key: foobar
  enforce_host_limit: false
```
## YAML files
### features.detail_query_overrides
This feature can be used to override "detail queries" hardcoded in Fleet.
> IMPORTANT: This feature should only be used when debugging issues with Fleet's hardcoded queries.
Use with caution, as this may break Fleet's ingestion of host data.
- Optional setting (dictionary of key-value strings)
- Default value: none (empty)
- Config file format:
```yaml
features:
  detail_query_overrides:
    # A null value disables the "users" query from running on hosts.
    users: null
    # This replaces the hardcoded "mdm" detail query.
    mdm: "SELECT enrolled, server_url, installed_from_dep, payload_identifier FROM mdm;"
```
<meta name="pageOrderInSection" value="1100">
<meta name="description" value="Learn about the configuration files and settings that are helpful when developing or contributing to Fleet.">